Lost iPhone is thief's treasure: How cybercriminals resell your smartphone

Cybersecurity firm Trend Micro reveals the ugly truth about how criminal hackers turn a stolen iPhone into a resaleable device.

grabpay singapore launch
A woman holding her iPhone device (Reuters)

Gone are the days that stolen Apple devices end up in the trash bin when not recovered by the owner. A lost iPhone can now be resold if they fall into the hands of cybercriminals.

On Tuesday, November 14, Trend Micro revealed in a blog post the illicit world of physical theft and cybercrime, detailing how selling stolen Apple devices end up to be a lucrative business that there are actually criminal rings working so hard behind it. The iCloud unlocking business is said to be operational in countries like the US, Saudi Arabia, India, France and Italy, among many others.

How criminals resell iPhone, iPad

These criminal hackers are said offering services for hire to unlock iCloud accounts of stolen iPhone or iPad devices to resell them. Surprisingly, these services include phishing attacks in hopes to obtain credentials of the owner.

"They spoof an email or SMS from Apple notifying victims that their device has been found. The eager victim, wanting their phone back, clicks on the link that will compromise their iCloud credentials, which is then reused to unlock the stolen device," explains the post.

"The thieves will then subcontract third-party iCloud phishing services to unlock the devices. These Apple iCloud phishers run their business using a set of cybercriminal tools that include MagicApp, Applekit, and Find My iPhone (FMI.php) framework to automate iCloud unlocks in order to resell the device in underground and gray markets."

The phishing attack is concisely explained in the infographic from Trend Micro below:

stolen iphone
(Trend Micro)

Once the hackers gain access to the iCloud using the fetched data from the users, they can now wipe the phone's data or factory reset it, making it viable for resale. Hence, Trend Micro recommends verifying the vendor or carrier of a pre-loved device before purchasing it. In the US, the Cellular Telecommunications Industry Association has a way to check a device's IMEI to known whether it is stolen, blacklisted or in a good state.